The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Classpath | Gnu | * | 0.97.2 (including) |
| Classpath | Gnu | 0.6 (including) | 0.6 (including) |
| Classpath | Gnu | 0.7 (including) | 0.7 (including) |
| Classpath | Gnu | 0.8 (including) | 0.8 (including) |
| Classpath | Gnu | 0.9 (including) | 0.9 (including) |
| Classpath | Gnu | 0.10 (including) | 0.10 (including) |
| Classpath | Gnu | 0.11 (including) | 0.11 (including) |
| Classpath | Gnu | 0.12 (including) | 0.12 (including) |
| Classpath | Gnu | 0.13 (including) | 0.13 (including) |
| Classpath | Gnu | 0.14 (including) | 0.14 (including) |
| Classpath | Gnu | 0.15 (including) | 0.15 (including) |
| Classpath | Gnu | 0.16 (including) | 0.16 (including) |
| Classpath | Gnu | 0.17 (including) | 0.17 (including) |
| Classpath | Gnu | 0.18 (including) | 0.18 (including) |
| Classpath | Gnu | 0.19 (including) | 0.19 (including) |
| Classpath | Gnu | 0.20 (including) | 0.20 (including) |
| Classpath | Gnu | 0.90 (including) | 0.90 (including) |
| Classpath | Gnu | 0.91 (including) | 0.91 (including) |
| Classpath | Gnu | 0.92 (including) | 0.92 (including) |
| Classpath | Gnu | 0.93 (including) | 0.93 (including) |
| Classpath | Gnu | 0.95 (including) | 0.95 (including) |
| Classpath | Gnu | 0.96 (including) | 0.96 (including) |
| Classpath | Gnu | 0.96.1 (including) | 0.96.1 (including) |
| Classpath | Gnu | 0.97 (including) | 0.97 (including) |
| Classpath | Gnu | 0.97.1 (including) | 0.97.1 (including) |